A massive credential-compromise campaign dubbed “Fortibleed” has been found to expose tens of thousands of Fortinet devices worldwide, with researchers warning of persistent attacker access to affected enterprise environments.
The campaign was first flagged by security researcher Volodymyr Diachenko, who posted on LinkedIn about finding an attacker-controlled list of potentially working FortiGate passwords collected “through various means.”
Further details came from SOCRadar after its team independently discovered an operational server, which belonged to an unnamed threat actor and contained a list of stolen FortiGate passwords, tools, automation infrastructure, victim list, and some telling...